Application attacks focus on application software instead of the operating system, where most classical perimeter exploit vulnerabilities are found. A wide variety of application attacks are aimed at web servers and associated functions, but they can also use other applications and protocols. Here is a sample list of some application attack vectors:

SQL injection – injection of SQL commands into data queries that are not properly parsed can allow an attacker to show data that should be kept private, to create or delete data, and in some cases compromise the entire system by gaining command line access

PHP – this commonly used web application language has had many vulnerabilities exposed over the last few years. Scripts that allow user input with file functions are problematic

Cross site scripting (XSS) –

Cross site request forgeries (CSRF) –

VOIP – Voice Over IP applications have a wide variety of vulnerabilities that can allow interception of packets and injection of packets with malicious intent or compromise of the system

SNMP

FTP

SSH

DNS

SMTP

DEFENSES:
Configuration – set design and configuration standards to prevent vulnerabilities
Patching – apply patches and updates
Detection – intrusion detection signatures can spot many of these
Education – both developers and users need to be aware of the attacks and methods to avoid them